CLAIMS



Having thus described our invention, what we claim as new 
and desire to secure by Letters Patent is: 

1. A method for providing a protocol layer firewall for an 
endpoint in a distributed network comprising at least one server 
having at least an object request broker and a usage based 
firewall manager and a plurality of computing locations each 
having at least one endpoint, comprising the steps of: 

requesting an Application Action Object (AAO) from the at 
least one server; 

decoding the endpoint to determine the physical network 
address for said endpoint; 

creating an AAO with said decoded information; 

registering the protocol request with the usage based
firewall manager to obtain a session number for said AAO;

adding the session number to the AAO; and 

returning the AAO to the application. 

2. The method of Claim 1 further comprising monitoring the 
protocol usage at the endpoint. 



3. The method of Claim 2 wherein said monitoring of the 
protocol usage comprises the steps of: 

said application executing an action method on said AAO;

routing the AAO to a responsible gateway in response to said 
action method; and 

notifying the usage based firewall manager that the protocol 
has been used. 

4. The method of Claim 3 further comprising the step of 
determining if continued usage of the AAO at the endpoint is 
permissible.

5. The method of Claim 4 wherein said determining
comprises the steps of: 

retrieving stored maximums of requests for the protocol and 
application; 

obtaining a current request count for the protocol and 
application; 

comparing the current count to the configured maximum; and 
notifying the application of the results of said comparing. 

6. The method of Claim 4 further comprising ceasing usage 
of said AAO based on said determining. 

7. The method of Claim 5 further comprising ceasing usage 
of said AAO based on said determining. 

8. The method of Claim 6 further comprising identifying an
alternative endpoint to said application.

9. The method of Claim 7 further comprising identifying an 
alternative endpoint to said application. 

10. A system for providing a protocol layer firewall for an 
endpoint in a distributed network comprising:

at least one object request broker for creating at least one 
application action object in response to an application request; 
and 

a usage based firewall manager for establishing a session 
for monitoring said at least one application action object at 
said endpoint. 

11. The system of Claim 10 further comprising at least one
decoder component for decoding the endpoint. 

12. The system of Claim 10 further comprising monitoring 
means for monitoring the protocol usage at the endpoint. 

13. The system of Claim 12 wherein said monitoring means 
comprises at least one logical gateway for detecting action 
requests at said application action object and for notifying the 
usage based firewall manager that the protocol has been used. 

14. The system of Claim 13 wherein said usage based
firewall manager further comprises a determining component for 
determining if continued usage of the AAO at the endpoint is 
permissible. 

15. The system of Claim 14 further comprising at least one 
storage location for storing configuration information regarding 
maximum requests per endpoint and wherein said determining
component includes a comparator for comparing the current count 
of requests at the endpoint to the stored maximum requests for 
that endpoint. 

16. The system of Claim 14 further comprising means for
identifying at least one alternative endpoint to said 
application. 

17. A program storage device readable by machine, tangibly
embodying a program of instructions executable by the machine to
perform method steps for providing a protocol layer firewall for
an endpoint in a distributed network comprising at least one
server having at least an object request broker and a usage based
firewall manager and a plurality of computing locations each
having at least one endpoint, said method comprising the steps
of:

receiving an Application Action Object (AAO) at the at least
one server; 

decoding the endpoint to determine the physical network 
address for said endpoint; 

creating an AAO with said decoded information;

registering the protocol request with the usage based 
firewall manager to obtain a session number for said AAO; 
adding the session number to the AAO; and 
returning the AAO to the application. 

18. The program storage device of Claim 17 wherein said 
method further comprises monitoring the protocol usage at the 
endpoint. 

19. The program storage device of Claim 18 wherein said 
method further comprises the steps of: 

determining if continued usage of the AAO at the endpoint is 
permissible; and 

notifying the application about the results of said 
determining. 

20. The program storage device of Claim 19 wherein said
determining method comprises the steps of:

retrieving stored maximums of requests for the protocol and 
application; 

obtaining a current request count for the protocol and
application; and 

comparing the current count to the configured maximum. 

21. The program storage device of Claim 19 wherein said
method further comprises monitoring activity at a plurality of 
endpoints and identifying at least one alternative endpoint to 
said application. 
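
The flow recited in Claims 1 through 9 (decode the endpoint, create the AAO, register it for a session number, count each use, compare against the stored maximum, and offer an alternative endpoint) can be sketched as follows. This is an added illustration, not code from the patent or its applicants; the class and function names, the keying of counts by (endpoint, protocol, application), the deny-by-default behaviour and all sample values are assumptions.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

# Constructed sample data: endpoint directory, per-(endpoint, protocol, application)
# request maximums, and fallback endpoints. None of these values come from the patent.
DIRECTORY = {"ep-a": "10.0.0.5", "ep-b": "10.0.0.6"}
MAXIMUMS = {("ep-a", "snmp", "inventory"): 2}
ALTERNATIVES = {"ep-a": "ep-b"}

@dataclass
class AAO:
    application: str
    protocol: str
    endpoint: str
    address: str                   # decoded physical network address
    session: Optional[int] = None  # filled in by the firewall manager

class UsageFirewallManager:
    def __init__(self, maximums, alternatives):
        self.maximums, self.alternatives = maximums, alternatives
        self.sessions, self.counts, self._ids = {}, {}, count(1)

    def register(self, aao):
        """Register the protocol request and hand back a session number."""
        session = next(self._ids)
        self.sessions[session] = aao
        return session

    def notify_used(self, session):
        """Count one use; return (permissible, alternative_endpoint)."""
        aao = self.sessions.get(session)
        if aao is None:                       # unknown session: fail closed
            return False, None
        key = (aao.endpoint, aao.protocol, aao.application)
        self.counts[key] = self.counts.get(key, 0) + 1
        limit = self.maximums.get(key, 0)     # assumption: no configured maximum means deny
        if self.counts[key] <= limit:
            return True, None
        return False, self.alternatives.get(aao.endpoint)

def request_aao(manager, application, protocol, endpoint):
    """Broker side: decode the endpoint, create the AAO, attach a session."""
    aao = AAO(application, protocol, endpoint, DIRECTORY[endpoint])
    aao.session = manager.register(aao)
    return aao

def execute_action(manager, aao):
    """Gateway side: an action on the AAO is reported to the manager."""
    return manager.notify_used(aao.session)
```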